<?php
	session_start();
	include "include.php";
	mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die(mysql_error());
	mysql_select_db(DB_NAME);
?>
<html>
<head>
<title><?php echo $SITE_TITLE ?> - Login</title>
<link rel="stylesheet" type="text/css" href="main.css" />
</head>
<div id="container">
<div id="top">
<?php include "top.php" ?>
</div>
<div id="leftnav">
</div>
<div id="content">
<?php
$sql = "SELECT * from users WHERE users_login = '" . strtolower($_POST["username"]) . "';";
$result = mysql_query($sql);
if(mysql_num_rows($result) < 1) {
	echo "User not found or password incorrect.<br><a href=\"" . $SITE_URL . "\">Return to homepage</a>";
}
else {
	$myrow = mysql_fetch_row($result);
	$password = md5($myrow[3].$_POST["password"]);
	if($password != $myrow[2]) {
		echo "User not found or password incorrect.<br><a href=\"" . $SITE_URL . "\">Return to homepage</a>";
	}
	else {
		$login_id = $myrow[0] . "_" . $remote_ip;
		$_SESSION["login_id"] = $login_id;
		echo "Login Successful.<br><a href=\"" . $SITE_URL . "\">Return to homepage</a>";
		if($_POST["password"] == "temp") {
			$_SESSION["change_password"] = 1;
		}
	}
}
?>
</div>
<div id="footer">
<?php include "footer.php" ?>
</div>
</div>
</body>
</html>